> Chroot is a lot better than nothing, but it doesn't provide a
> secure jail, especially not for root. However, the following
> tools are intended to provide a secure jail, and may be of interest
> to you: SubDomain (http://www.immunix.org/subdomain.html), Janus
> (http://www.cs.berkeley.edu/~daw/janus/), and BSD's jail() system call
> come to mind. Also, may I point you to the Linux Security Modules project
> (http://lsm.immunix.org/)? I think you may find it of interest.
I havn't seen vserver mentioned in this thread.
http://www.solucorp.qc.ca/miscprj/s_context.hc
It disables a lot of capabilities (configurable) and other stuff.
Worth taking a look at.
-- /MartinNever argue with an idiot. They drag you down to their level, then beat you with experience. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/